.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp "Compass IT Compliance Logo")
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp "Compass IT Compliance")
Shifting from a SOC 2 Type 1 Audit to a Type 2 Audit
by Jerry Hughes on February 24, 2025 at 1:44 PM
For organizations striving to showcase their dedication to strong security, availability, processing integrity, confidentiality, and privacy, SOC 2 compliance serves as a vital benchmark. However, progressing from a SOC 2 Type 1 audit to a Type 2 audit requires careful strategic plann …
Aligning Zero Trust Principles with SOC 2 Trust Service Criteria
by Bernard Gallagher on February 11, 2025 at 4:20 PM
Achieving SOC 2 compliance requires organizations to implement rigorous security controls, and adopting a Zero Trust approach can significantly enhance this effort. Zero Trust is built on the principle of “never trust, always verify”, ensuring that access to systems, data, and applica …
CJIS Security Policy v6.0 – Key Updates You Need to Know
by Kelly O’Brien on February 10, 2025 at 2:15 PM
The Criminal Justice Information Services (CJIS) Security Policy v6.0, released on December 27, 2024, introduces significant modernization efforts aimed at enhancing security, compliance, and risk management in handling Criminal Justice Information (CJI). As technology and cyber threa …
How Can I Hire a Virtual CISO For My Business?
by Jeffrey Torrance on February 4, 2025 at 3:15 PM
As cybersecurity threats continue to evolve, businesses—especially small and mid-sized enterprises (SMEs)—are increasingly recognizing the need for strong security leadership. However, hiring a full-time Chief Information Security Officer (CISO) may not always be feasible due to budge …
New PCI Requirements Released for SAQ A Merchant Validation
by Kyle Daun on February 3, 2025 at 11:49 AM
The PCI Security Standards Council (PCI SSC) recently introduced significant updates for merchants validating their compliance using Self-Assessment Questionnaire A (SAQ A). These updates, part of PCI DSS v4.0.1, reflect industry feedback and evolving security concerns, particularly t …
When SOC 2 Compliance Makes Sense
by Bernard Gallagher on January 28, 2025 at 3:51 PM
In today’s business landscape, security and trust are paramount. SOC 2 compliance has become a widely recognized standard for demonstrating a commitment to protecting sensitive data and maintaining robust security practices. Whether you’re working with enterprise clients, handling cri …